Fedora 9 : thunderbird-18.104.22.168-1.fc9 (2008-6737)
Critical Nessus Plugin ID 33842
SynopsisThe remote Fedora host is missing a security update.
(CVE-2008-2802, CVE-2008-2803) A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Thunderbird displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Thunderbird was updated to upstream version 22.214.171.124 to address these flaws: http://www.mozilla.org/security/known- vulnerabilities/thunderbird20.html#thunderbird126.96.36.199
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected thunderbird package.